from typing import List
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization

def generate_csr(private_key_pem: str, domains: List[str]) -> bytes:
    private_key = serialization.load_pem_private_key(
        private_key_pem.encode("utf-8"), password=None
    )
    common_name = domains[0]
    csr_builder = x509.CertificateSigningRequestBuilder().subject_name(
        x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    ).add_extension(
        x509.SubjectAlternativeName([x509.DNSName(d) for d in domains]),
        critical=False
    )
    csr = csr_builder.sign(private_key, hashes.SHA256())
    return csr.public_bytes(serialization.Encoding.PEM)
